Static analysis (or static analysis tools) has been found useful and effective in detecting common programming bugs such as Division by Zero, Buffer Overflow, Array Index Out of Bound, and Null/Illegal Dereference of a pointer. A static analysis tool reports a program point of interest as safe or unsafe when sufficient information is available or can be computed by the tool. Otherwise, if sufficient information is not available or cannot be computed statically, it reports the program point as a warning/alarm. The program points of interest are the locations in the code where the presence of such common programming defects is to be checked/detected.
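As an added illustration (not part of the original text), the following interval analysis checks Division by Zero at each division point and reports it as safe, unsafe, or a warning. The tuple-based statement format, the sample program and all names are assumptions made for this example.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Interval:
    lo: float
    hi: float
    def __add__(self, o): return Interval(self.lo + o.lo, self.hi + o.hi)
    def __sub__(self, o): return Interval(self.lo - o.hi, self.hi - o.lo)

TOP = Interval(-math.inf, math.inf)  # nothing is known statically about the value

def evaluate(expr, env):
    """expr is an int constant, a variable name, or a tuple (op, left, right)."""
    if isinstance(expr, int):
        return Interval(expr, expr)
    if isinstance(expr, str):
        return env.get(expr, TOP)  # unknown variable (e.g. external data) -> TOP
    op, left, right = expr
    if op not in ("+", "-"):
        raise ValueError(f"unsupported operator: {op}")
    a, b = evaluate(left, env), evaluate(right, env)
    return a + b if op == "+" else a - b

def classify(divisor):
    """Verdict for one division point, given the interval of its divisor."""
    if divisor.lo > 0 or divisor.hi < 0:
        return "safe"      # zero is provably excluded
    if divisor.lo == 0 == divisor.hi:
        return "unsafe"    # divisor is provably zero
    return "warning"       # zero is possible but not certain: needs manual review

def analyze(program):
    """Walk straight-line statements; return {division label: verdict}."""
    env, verdicts = {}, {}
    for stmt in program:
        if stmt[0] == "input":       # ("input", var, lo, hi): validated input range
            env[stmt[1]] = Interval(stmt[2], stmt[3])
        elif stmt[0] == "assign":    # ("assign", var, expr)
            env[stmt[1]] = evaluate(stmt[2], env)
        elif stmt[0] == "div":       # ("div", label, divisor_expr)
            verdicts[stmt[1]] = classify(evaluate(stmt[2], env))
    return verdicts

# Constructed sample program (hypothetical), one tuple per statement.
SAMPLE = [
    ("input", "n", 1, 10),
    ("assign", "a", ("+", "n", 1)), ("div", "P1", "a"),  # a in [2, 11]
    ("assign", "d", ("-", "n", 5)), ("div", "P2", "d"),  # d in [-4, 5]
    ("assign", "k", ("-", 3, 3)),   ("div", "P3", "k"),  # k in [0, 0]
    ("div", "P4", "ext"),                                # ext never defined here
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```
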
Static analysis usually results in a plurality of warnings. A user is supposed to analyze each warning manually. Each warning must be handled with the utmost care, because the analysis of the warnings is required to verify a software application. The review of the warnings provides an assurance that there will not be a system failure or an error at run-time due to the common programming errors. This manual review of the warnings is costly, highly time-consuming, and tedious. Also, a repetitive and monotonous manual review of warnings makes the analysis work less interesting for the user.
Current research is focused on making static analysis more precise, so that fewer warnings are generated. The presently available static analysis tools only inform a user whether a program point of interest is safe or unsafe; they do not provide any useful information or help that would make the review of warnings easier for the user. Moreover, during the review of a warning, the user has to traverse a lot of code to collect the information required to determine whether the warning is safe or unsafe. This code traversal generally costs more than half of the time that is spent during the manual reviews. Also, the manual process of collecting the required information is error-prone, as a user may not correctly identify the required information in very large applications.